The use of social media sites such as Facebook™, Myspace™, Google™, LinkedIn, Yahoo™, and others is growing. Social media sites may allow users to post a large amount of information, including personal information, with the public and others. Social media sites may allow users to indicate relationships with other account users such as friends, relatives, co-workers, etc. Account users having a relationship with a first account user may have varying levels of access to the first account user's data. Social media sites may also serve as a platform for third party applications and may provide APIs and certain levels of access to account user data. Although a user may grant access to an application, the level of access that an application has may not be entirely clear to the user.
Users may forget a password to an account such as a social media site account, an email account, a financial account, or other accounts. An account provider may allow an account user to set up one or more questions which the account user may answer to gain access to an account when a password or other credential is forgotten. These forgotten password questions may be questions answerable by browsing public information associated with a user. For example, if a user has to provide a mother's maiden name to a financial account provider in order to reset a password, such information may be available and/or inferable from social media sites associated with the user. A user may have a relationship to a mother indicated on a social media site. The mother may in turn have a relationship to her brother indicated. By tracing a link of social media relationships to an uncle on the user's mother's side, the user's mother's maiden name may be identifiable.
As another example, a posting of a picture tagged “birthday” and also tagged with a user name and a date, may provide a user birthday. Such information may be available not only on a user's social media site, but also on the social media site of a friend or relative.
Thus, the information to identify answers to forgotten password questions may be identifiable via a user's social media data to hackers and others seeking access to user accounts.
In view of the foregoing, it may be understood that there may be significant problems and shortcomings associated with current technologies for mitigating compromised network security associated with forgotten password attacks.